From 30892709d7371da4c0af1eda2ac482276b0cbd05 Mon Sep 17 00:00:00 2001
From: Steve Holme
Date: Sun, 16 Nov 2014 13:18:26 +0000
Subject: ntlm: Moved the SSPI based Type-3 message generation into the SASL module
---
 lib/curl_ntlm_msgs.c | 68 ++--------------------------------------------------
 lib/curl_sasl_sspi.c | 54 ++++++++++++++++++++++++++++++++++++++---
 2 files changed, 53 insertions(+), 69 deletions(-)
diff --git a/lib/curl_ntlm_msgs.c b/lib/curl_ntlm_msgs.c
index 3f4d86bd3..eaa4bd365 100644
--- a/lib/curl_ntlm_msgs.c
+++ b/lib/curl_ntlm_msgs.c
@@ -22,7 +22,7 @@
 #include "curl_setup.h"
-#ifdef USE_NTLM
+#if defined(USE_NTLM) && !defined(USE_WINDOWS_SSPI)
 /*
 * NTLM details:
@@ -43,10 +43,6 @@
 #include "warnless.h"
 #include "curl_memory.h"
-#ifdef USE_WINDOWS_SSPI
-# include "curl_sspi.h"
-#endif
-
 #include "vtls/vtls.h"
 #define BUILDING_CURL_NTLM_MSGS_C
@@ -148,7 +144,6 @@ static void ntlm_print_hex(FILE *handle, const char *buf, size_t len)
 # define DEBUG_OUT(x) Curl_nop_stmt
 #endif
-#ifndef USE_WINDOWS_SSPI
 /*
 * This function converts from the little endian format used in the
 * incoming package to whatever endian format we're using natively.
@@ -461,7 +456,6 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
 /* Return with binary blob encoded into base64 */
 return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen);
 }
-#endif
 /*
 * Curl_ntlm_create_type3_message()
@@ -509,63 +503,6 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
 CURLcode result = CURLE_OK;
 size_t size;
-
-#ifdef USE_WINDOWS_SSPI
- SecBuffer type_2_buf;
- SecBuffer type_3_buf;
- SecBufferDesc type_2_desc;
- SecBufferDesc type_3_desc;
- SECURITY_STATUS status;
- unsigned long attrs;
- TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
-
- (void)passwdp;
- (void)userp;
-
- /* Setup the type-2 "input" security buffer */
- type_2_desc.ulVersion = SECBUFFER_VERSION;
- type_2_desc.cBuffers = 1;
- type_2_desc.pBuffers = &type_2_buf;
- type_2_buf.BufferType = SECBUFFER_TOKEN;
- type_2_buf.pvBuffer = ntlm->input_token;
- type_2_buf.cbBuffer = curlx_uztoul(ntlm->input_token_len);
-
- /* Setup the type-3 "output" security buffer */
- type_3_desc.ulVersion = SECBUFFER_VERSION;
- type_3_desc.cBuffers = 1;
- type_3_desc.pBuffers = &type_3_buf;
- type_3_buf.BufferType = SECBUFFER_TOKEN;
- type_3_buf.pvBuffer = ntlm->output_token;
- type_3_buf.cbBuffer = curlx_uztoul(ntlm->token_max);
-
- /* Generate our type-3 message */
- status = s_pSecFn->InitializeSecurityContext(ntlm->credentials,
- ntlm->context,
- (TCHAR *) TEXT(""),
- 0, 0, SECURITY_NETWORK_DREP,
- &type_2_desc,
- 0, ntlm->context,
- &type_3_desc,
- &attrs, &expiry);
- if(status != SEC_E_OK) {
- infof(data, "NTLM handshake failure (type-3 message): Status=%x\n",
- status);
-
- return CURLE_RECV_ERROR;
- }
-
- size = type_3_buf.cbBuffer;
-
- /* Return with binary blob encoded into base64 */
- result = Curl_base64_encode(NULL, (char *)ntlm->output_token, size,
- outptr, outlen);
-
- Curl_sasl_ntlm_cleanup(ntlm);
-
- return result;
-
-#else
-
 unsigned char ntlmbuf[NTLM_BUFSIZE];
 int lmrespoff;
 unsigned char lmresp[24]; /* fixed-size */
@@ -892,7 +829,6 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
 Curl_sasl_ntlm_cleanup(ntlm);
 return result;
-#endif
 }
-#endif /* USE_NTLM */
+#endif /* USE_NTLM && !USE_WINDOWS_SSPI */
diff --git a/lib/curl_sasl_sspi.c b/lib/curl_sasl_sspi.c
index d54d2ae42..a1c606492 100644
--- a/lib/curl_sasl_sspi.c
+++ b/lib/curl_sasl_sspi.c
@@ -38,7 +38,6 @@
 #include "warnless.h"
 #include "curl_memory.h"
 #include "curl_multibyte.h"
-#include "curl_ntlm_msgs.h"
 #include "sendf.h"
 #include "strdup.h"
@@ -666,8 +665,57 @@ CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
 struct ntlmdata *ntlm,
 char **outptr, size_t *outlen)
 {
- return Curl_ntlm_create_type3_message(data, userp, passwdp, ntlm, outptr,
- outlen);
+ CURLcode result = CURLE_OK;
+ SecBuffer type_2_buf;
+ SecBuffer type_3_buf;
+ SecBufferDesc type_2_desc;
+ SecBufferDesc type_3_desc;
+ SECURITY_STATUS status;
+ unsigned long attrs;
+ TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
+
+ (void) passwdp;
+ (void) userp;
+
+ /* Setup the type-2 "input" security buffer */
+ type_2_desc.ulVersion = SECBUFFER_VERSION;
+ type_2_desc.cBuffers = 1;
+ type_2_desc.pBuffers = &type_2_buf;
+ type_2_buf.BufferType = SECBUFFER_TOKEN;
+ type_2_buf.pvBuffer = ntlm->input_token;
+ type_2_buf.cbBuffer = curlx_uztoul(ntlm->input_token_len);
+
+ /* Setup the type-3 "output" security buffer */
+ type_3_desc.ulVersion = SECBUFFER_VERSION;
+ type_3_desc.cBuffers = 1;
+ type_3_desc.pBuffers = &type_3_buf;
+ type_3_buf.BufferType = SECBUFFER_TOKEN;
+ type_3_buf.pvBuffer = ntlm->output_token;
+ type_3_buf.cbBuffer = curlx_uztoul(ntlm->token_max);
+
+ /* Generate our type-3 message */
+ status = s_pSecFn->InitializeSecurityContext(ntlm->credentials,
+ ntlm->context,
+ (TCHAR *) TEXT(""),
+ 0, 0, SECURITY_NETWORK_DREP,
+ &type_2_desc,
+ 0, ntlm->context,
+ &type_3_desc,
+ &attrs, &expiry);
+ if(status != SEC_E_OK) {
+ infof(data, "NTLM handshake failure (type-3 message): Status=%x\n",
+ status);
+
+ return CURLE_RECV_ERROR;
+ }
+
+ /* Base64 encode the response */
+ result = Curl_base64_encode(NULL, (char *) ntlm->output_token,
+ type_3_buf.cbBuffer, outptr, outlen);
+
+ Curl_sasl_ntlm_cleanup(ntlm);
+
+ return result;
 }
 /*
-- 
cgit v1.2.3
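Review bot: The failure branch after InitializeSecurityContext returns CURLE_RECV_ERROR without calling Curl_sasl_ntlm_cleanup(ntlm), while the success path does call it. Unless every caller cleans up on error (not visible in this hunk), the credential handle, security context and token buffers held in `ntlm` stay live after a failed handshake; consider adding `Curl_sasl_ntlm_cleanup(ntlm);` before `return CURLE_RECV_ERROR;`. The same branch prints `status` with `%x`, but SECURITY_STATUS is a signed long on Windows, so `Status=%lx` with `(unsigned long) status` would match the argument type. The function's signature starts above the hunk, so the `userp` and `passwdp` parameters that are voided here are not fully visible.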